Bad hello on TLS closure 81/29581/2
authorOleksii Beketov <ol.beketov@samsung.com>
Wed, 10 Jul 2019 13:40:50 +0000 (16:40 +0300)
committerOleksii Beketov <ol.beketov@samsung.com>
Wed, 10 Jul 2019 14:57:42 +0000 (14:57 +0000)
Prevent treating reciprocal close_notify alert
as an error after TLS connection closure.

Change-Id: I22bc91a2f3c3e9bc13438588ca17b5944fcdc48f
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c

index 4254b45..dede14f 100644 (file)
@@ -1186,17 +1186,28 @@ static bool checkSslOperation(SslEndPoint_t*  peer,
         (MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != ret) &&
         (MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != ret))
     {
-        size_t bufSize = 1024;
-        char *bufMsg = (char*)OICCalloc(1, bufSize);
-        if (bufMsg)
+        if (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO == ret)
         {
-            mbedtls_strerror(ret, bufMsg, bufSize);
-            OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: 0x%X: %s", __func__, -ret, bufMsg);
-            OICFree(bufMsg);
+            unsigned char *buf = peer->ssl.in_hdr;
+            if (buf[0] == 0x15)
+            {
+                OIC_LOG_V(INFO, NET_SSL_TAG, "encrypted alert message received");
+            }
         }
         else
         {
-            OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -ret);
+            size_t bufSize = 1024;
+            char *bufMsg = (char*)OICCalloc(1, bufSize);
+            if (bufMsg)
+            {
+                mbedtls_strerror(ret, bufMsg, bufSize);
+                OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: 0x%X: %s", __func__, -ret, bufMsg);
+                OICFree(bufMsg);
+            }
+            else
+            {
+                OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -ret);
+            }
         }
 
         // Make a copy of the endpoint, because the callback might
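Review bot: A `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO` whose first header byte is not `0x15` is no longer logged at all, because the new outer `if` has no fallback and the `mbedtls_strerror` path is now reached only for other error codes. Genuinely malformed ClientHello records would then leave no trace for anyone investigating handshake failures. Add `else { OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -ret); }` after the inner `if (buf[0] == 0x15)` block. The test also matches any record whose content type is alert, not specifically a close_notify after closure, and that byte comes from the record header, which a peer can presumably set before any authentication, so the INFO line should not be read as proof of a benign closure; `MBEDTLS_SSL_MSG_ALERT` would be clearer than the literal `0x15`. The enclosing block starts and ends outside the hunk, so it is not visible here whether the error handling below the logging still runs for this case.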